Strategy and culture are among the primary focuses of leaders in their never-ending quest to maintain organizational viability and effectiveness. In short, strategy offers a formal logic for the company’s goals and orients people around them, while culture expresses goals through values and beliefs and guides activity through shared assumptions and group norms.
“Culture eats strategy for breakfast” is a famous quote from legendary management consultant and writer Peter Drucker. As we look into the meaning of this phrase another comes to mind when it comes to agile and compliance.
Regulated domains exhibit varying levels of criticality, from safety-critical to security-critical. A core characteristic of regulated environments is the necessity to comply with formal standards, regulations, directives and guidance. There is a plethora of regulations and standards which apply across different regulated domains. These are issued by a number of bodies or associations and or region specifics (e.g., ISO, FDA CPT11, IEC62304, ISO 26262 … )
Sadly, because of this. A lot of companies understand it in a way that ‘they’ can’t do agile, because they are in a regulated environement. So to speak: Compliance eats agile for lunch.
With this post, we want to stretch some thougts and lay out, why this is in our view, not true at all.
Agile is the natural friend of regulated environments.
Before we dive into this phase and why we think it’s one to remember, let us first explain our thoughts on culture eats strategy for breakfast.
Culture Eats Strategy for Breakfast
Peter Drucker’s quote is often misinterpreted. Strategy – especially in the area of innovation – is important. But if a company’s culture stands in the way of strategy, implementation becomes difficult or impossible. It really implies that you can set whatever course you want for your business, however, it will be your culture, what your people believe and how they behave, that will ultimitely determine what will get lived out in the work.
Naturally, culture isn’t in about having ‘cool’ workspaces and perks, such as comfy chairs and ping pong tables; it’s about the habits people have formed, how they make decisions, how they respond to challenges, pressure and discomfort, and what they believe is good or bad for success based on what’s been incentivized, rewarded, and reinforced in their workplace. The strategy sets the course, but projects cannot be implemented without the right culture. Conversely, innovation projects influence culture and even strategy: If projects develop in unexpected directions, the strategy is sometimes changed.
If your company aims to survive in today’s fast-changing business environment, you need to answer these questions:
- Who are you?
- What do you believe in?
- What’s your purpose? Why are you doing what you are doing?
The best innovation strategy is of little use if it is not based on an innovation culture in which goals are committed and uncompromisingly implemented, especially in the age of digitization and digital disruption.
The digital change is demanding and complex and it affects every department in the company. Processes have to be digitized and in some cases completely rethought. Digital services and digital business models have to be developed. Without a culture of innovation , the digital transformation in the company promotes this change is difficult to deal with. Companies need employees who continuously question the existing, develop new ideas , test them and implement them step by step.
This all gets ever more demanding when looking at regulated environments and the regulations that companies need to comply with as they produce the worlds largest and toughest systems.
Compliance Eats Agile for Lunch
A lot of companies think that they can’t do or be Agile because of compliance regulations. But this is absolutely not the case. In our experience, there are good measures that can absolutely make this happen.
Continually addressing compliance concerns is one of the nine practices of SAFe’s Enterprise Solution Delivery competency. This is explained in detail in the Achieving Regulatory and Industry Standards Compliance with SAFe.
“Enterprises use SAFe to build some of the world’s largest and most important systems, many of which have unacceptable social or economic costs of failure. Some of these high-assurance systems include medical devices, automobiles, avionics, banking and financial services, and aerospace and defense. To protect public safety, these systems are often subject to extensive regulatory or customer oversight and rigorous compliance requirements.
In addition, many enterprises are subject to other government regulations (examples: Sarbanes-Oxley, HIPAA, ACA, state insurance regulations) that require similar attention and audits to ensure compliance. Historically, organizations operating under such regulations have relied on comprehensive quality management systems (QMS).”
A publication we focus on that is very reputable and true and co-written by Johen Jager, one of our Advisory Board Members, is the ‘Guidance on the use of AGILE practices in the development of medical device software [AAMI TIR45:2012]. It describes that agile principles and development have become an accepted method for developing complex systems and software products. This publicly available Technical Information Report (TIR) by the ‘Association of Advancement of Medical Instrumentation’ (AAMI) lays out the agile manifesto, several practices (e.g. Definition of Done), its application and tailoring in relation to reference models like IEC 62304, ISO 13485, ISO 14971 and ‘FDA CFR, Title 21, Part 820.30’. With this recommendation, I would like to spread the word about scaled agility and agile practices in the development of medical device software.
As PEDCO, we have done countless amounts of webinars and speeches on this topic for you to view. One of our most recent ones was in collaboration with our Partner, CPrime.